Ask HN: How would a ban on the Matrix protocol work?
4 points by 2Gkashmiri on May 5, 2023 | 5 comments
Hi.

Some days ago, the Indian government, in a news report, talked about banning 14 chat apps for "promoting terrorism", in effect because apparently these apps have E2EE and they do not have any representative in India who could be punished for not giving the Indian govt backdoor access, which in effect WhatsApp must've given.

So, today element.io started getting blocked for me. 10 minutes later, it was back and another 10 minutes later it was back down.

Here is the question: if a hostile govt wants to "ban" the Matrix network, for example, how would that work on the ground? Would they manually ban each and every one of the thousands of public and private servers? Clients?

Matrix, at least, won't comply, so how?

https://www.theweek.in/news/india/2023/05/01/14-messaging-apps-banned-in-jammu-and-kashmir-for-spreading-terror.html



ISPs have the ability to inspect your packets and get a good idea of what your traffic contains (used to detect piracy in many places). It might primarily rely on the government demanding that all domestic internet providers try to detect and block Matrix-like traffic.


Hopefully Matrix packets, when encrypted, look just like any other encrypted internet traffic.

If there are identifying bits there, that's likely a bug in encryption.


Matrix packets are encrypted at the application-level of the OSI model. Deep packet inspection relies on inspecting all of the other data about the traffic and using it to block/terminate your connection:

https://security.stackexchange.com/questions/20814/does-usin...

https://en.wikipedia.org/wiki/OSI_model

A solid VPN is your best bet at getting around this.


Isn't the Matrix protocol basically JSON-over-HTTPS? After the TLS connection is negotiated, nodes in the middle have no idea what's going across the wire.

E2E encryption simply means that not even Matrix servers can decrypt messages.

Sure, you can track connections to existing, well-known Matrix servers and act as an HTTPS client to figure out if a server is a Matrix server, but you can make it appear as any web server, I guess.

You'd probably need to make it not respond to Matrix requests from unknown peers if you want to hide it, so you are right that one could easily block most of the publicly accessible Matrix network for sure.
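
An operator's self-check for the point made in the comment above, as an added example that is not part of the thread: it looks at how a server answered unauthenticated requests on the Matrix spec's standard paths and reports what gives it away as a homeserver. The captured responses, the server name and the version in them are constructed samples.

```python
import json
# Paths from the Matrix spec that a homeserver answers without credentials.
PROBE_PATHS = (
    "/_matrix/client/versions",
    "/_matrix/federation/v1/version",
    "/.well-known/matrix/server",
    "/.well-known/matrix/client",
)

def matrix_markers(status, body):
    """Return the reasons one HTTP response identifies a Matrix server."""
    try:
        doc = json.loads(body)
    except ValueError:
        return []
    if not isinstance(doc, dict):
        return []
    found = []
    if status == 200:
        if isinstance(doc.get("versions"), list):
            found.append("client versions list")
        if isinstance(doc.get("server"), dict) and "name" in doc["server"]:
            found.append("federation server name")
        if "m.server" in doc or "m.homeserver" in doc:
            found.append("well-known delegation")
    code = doc.get("errcode")
    if isinstance(code, str) and code.startswith("M_"):
        found.append("Matrix errcode " + code)  # leaks even on a refusal
    return found

def audit(responses):
    """responses: {path: (status, body)} captured with no access token."""
    report = {}
    for path in PROBE_PATHS:
        markers = matrix_markers(*responses.get(path, (0, "")))
        if markers:
            report[path] = markers
    return report

# Constructed sample captures (not from any real server).
NOT_FOUND = (404, "<html>not found</html>")
DEFAULT_SERVER = {
    "/_matrix/client/versions": (200, '{"versions": ["v1.5", "v1.6"]}'),
    "/_matrix/federation/v1/version":
        (200, '{"server": {"name": "ExampleServer", "version": "0.0.0"}}'),
}
REFUSING_SERVER = {"/_matrix/client/versions":
                   (403, '{"errcode": "M_FORBIDDEN", "error": "denied"}')}
HIDDEN_SERVER = {path: NOT_FOUND for path in PROBE_PATHS}
```

The refusing case is the one to watch: a 403 that still carries an `M_` errcode identifies the server as surely as a normal answer does.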


Which homeserver are you on? They could simply be blocking matrix.org? (Although this would already be a little tricky given matrix.org is behind Cloudflare.)



